Online Phishing

Online phishing (pronounced like the word fishing) is a method used by tricksters and fraudsters to get you to reveal personal or financial information. This is done using a fraudulent email or website.

Most common phishing scams start with an email message that looks like an official email from a trusted source, for example a credit card company, bank, or online retailer. In these messages the recipient is directed to a fraudulent website that has been designed to look like the actual website of the bank, credit card company, or retailer. On the website the recipient is then asked to provide personal or financial information, which can be used for identity theft or for accessing the recipient’s bank account.

Recognising Phishing Scams

Phishing scams use either some type of enticement or a threat to get you onto the fraudulent website. It’s easier to identify these before going onto the website than to deal with the consequences. Here are some tips to help you recognize a phishing scam.

  • When the offer seems too good to be true, it probably is.
  • When asked to send personal or account info (like your user name and password, your date of birth, or bank info) by replying to the email. Legitimate companies will never ask you to provide this sort of info via email; they will ask you to go to their website to sign in and update your info there.
    Warning: In suspicious-looking email, never click links that supposedly take you to a company website. The sender might be spoofing the website (providing their own fake version) to collect your sign-in info. When in doubt, go to the website using your favorites, by searching for the true website, or by entering the web address in the address box.
  • When the sender’s email address has an overseas domain. For example: someone@example.uk.co, @example.ru, or @example.ng.
  • When the sender’s email address has a domain that’s a string of seemingly random numbers and/or letters. For example: @Wbg67TY.com.
  • When the sender’s name in the header doesn’t match the sender’s email address.
  • When the tone is personal and confidential, but it looks like a group email, with a generic greeting. For example: “Dear Customer”, “Dear Sir or Madam”, “Dear valued Customer”, and so on.
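
Several of the tips above can be checked mechanically by a mail filter. The following is an added example, not part of the original article: a Python sketch that flags those indicators in a constructed sample message. The function names, thresholds and phrase lists are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: "Example Bank Support" <alerts@Wbg67TY.com>
To: you@example.org
Subject: Verify your account now

Dear valued Customer,

You must verify within twenty-four hours or your account will be closed.
Reply to this email with your user name and password.
"""

GENERIC_GREETINGS = ("dear customer", "dear sir or madam", "dear valued customer")
URGENCY = re.compile(r"\b(within\s+(\d+|twenty-four)\s+hours|urgent|immediately)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|user ?name|date of birth|bank (info|details))\b", re.I)

def looks_random(label):
    """Heuristic (assumed threshold): digits mixed with mostly vowel-free letters."""
    letters = [c for c in label.lower() if c.isalpha()]
    digits = [c for c in label if c.isdigit()]
    vowels = [c for c in letters if c in "aeiou"]
    return bool(digits) and len(letters) >= 3 and len(vowels) / len(letters) < 0.2

def phishing_indicators(raw):
    """Return the list of warning signs from the tips above found in one message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    body = msg.get_payload()  # single-part text message assumed
    flags = []
    # Sender's display name shares no word with the sender's email address.
    words = [w.lower() for w in re.findall(r"[A-Za-z]{4,}", name)]
    if words and not any(w in addr.lower() for w in words):
        flags.append("display-name-mismatch")
    if looks_random(domain.split(".")[0]):
        flags.append("random-looking-domain")
    if any(g in " ".join(body.lower().split()) for g in GENERIC_GREETINGS):
        flags.append("generic-greeting")
    if URGENCY.search(body):
        flags.append("urgent-deadline")
    if CREDENTIALS.search(body) and re.search(r"\breply\b", body, re.I):
        flags.append("asks-for-credentials-by-reply")
    return flags
```

A message that raises none of these flags is not proven safe; the checks only mirror the visible clues listed above.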

Some common types of scams

Here are some of the most common types of scams, with additional clues on how to recognize them.

Verify your account now or we’ll close it!

The scam: You get an email that looks like it’s from your bank, or an e-commerce service like PayPal or eBay, or from your email provider, warning that your account will be suspended or closed unless you “verify” your account by replying with your account info.
What the scammer wants: In the case of bank or e-commerce scams, they want your personal info so they can steal your identity, empty your bank accounts, and run up charges on your credit card. If it’s supposedly from your email provider, the scammer wants your email account user name and password so they can hack your account and use it to send out junk email.
Additional clues that it’s a scam: It demands an urgent reply (for example, “You must verify within twenty-four hours”). This gives you little time to research if it’s legitimate.
Actions you can take: First and foremost, do NOT reply with any personal or account info, no matter how dire the warnings sound.

  • If it’s a bank or e-commerce site, contact the company’s customer service via phone or online to see if the email is legitimate.

A large sum of money can be yours, just send your personal info—or some cash

The scam: There’s money sitting in some account that some official-sounding person wants to share with you. All you have to do is send him your personal info or some money.
What the scammer wants: Sometimes they just want you to send them money. Other times they want your personal info so they can steal your identity, empty your bank accounts, and run up charges on your credit card.
Additional clues that it’s a scam:
  • Any deal that involves an international bank, or where you have to send your info or cash overseas should be highly suspect.
  • There’s often an element of larceny. Maybe the money isn’t really yours or theirs, but the rightful owner is dead, or a corrupt official, or some faceless company who will never miss it. Or the money is supposedly yours, but some other party is trying to steal it.
  • If there’s anything at all suspect about the deal, or if you don’t understand why someone you don’t know is making you (out of all the people in the world) this offer, you can bet that you’re being conned.
Actions you can take: First and foremost, do NOT reply with any personal or financial info, no matter how tempting the offer sounds.

You’re our big winner!

The scam: Congratulations! You just won the lottery! Or you were entered in a Microsoft sweepstakes and you’ve won the jackpot!
What the scammer wants:  Your personal info so they can steal your identity and empty your bank accounts.
Additional clues that it’s a scam:
  • You were entered in the lottery or sweepstakes without your knowledge or permission.
  • They ask for your bank info so they can make a direct deposit.
  • The purpose of a sweepstakes is so the company can gather personal info via the form you fill out when you enter. They then sell that info or use it to market their products and services to you. No legitimate sweepstake needs you to give them your info—you already did.
Actions you can take: First and foremost, do NOT reply with any personal or financial info, no matter how tempting the offer sounds.

Help! I’m stranded

The scam:  A friend of yours is on vacation and got stranded. They need you to wire them some money, fast!
What the scammer wants: For you to send them some money.
Additional clues that it’s a scam: This one can be tougher to spot. Typically, the scammer has hacked your friend’s email account and sent this “emergency” email to your friend’s contact list. The sender email address will be legitimate. The salutation might even be personal (“Dear Joe”) but is the email really from your friend?
Actions you can take:  Before you do anything else, stop and do a reality check.

  • Pick up the phone and call your friend. If you can’t get a hold of them, try contacting mutual friends.
  • Ask yourself the following questions:
    • The email probably says they are desperate and don’t know where else to turn, but do the two of you have the sort of relationship where they would turn to you for such a request?
    • Did they say anything to you earlier about taking a trip?
    • What’s the likelihood of your friend being in the situation the email claims they are in, of doing whatever the email claims they have done?
    • Does it sound like your friend?
  • Unless you can contact your friend or a reliable mutual friend by some method other than email, you should probably assume it’s a scam. Report it as My friend’s been hacked (see above).

“If you (don’t) forward this email, something (bad) good will happen!”

The scam: Forward this email and you will be sent £500! Forward this petition to keep emailforfree.com a free service!

OR

Warn all your friends about this scary computer virus!

What the scammer wants:  To watch their hoax go viral and brag to their spammer friends.
Actions you can take: If it’s about a computer virus or other security threat, go to the website for your antivirus software and look at the latest threat info.

Help protect yourself from phishing scams

You might receive email that seems legitimate, but is actually a phishing scam—an attempt to get your personal info or steal your money.

  • Never reply to an email that asks you to send personal or account info.
  • In suspicious-looking email, never click links that supposedly take you to a company website. The sender might be spoofing the website (providing their own fake version) to collect your sign-in info.
  • Never open any file attached to a suspicious-looking email. It might contain a virus or other malware.
  • If the email claims to come from some company, contact the company’s customer service via phone or online to see if the email is legitimate. You can also forward the email to the third party’s abuse or fraud department.
  • Go to a hoax-debunking website like snopes.com and search on the email’s subject.
  • Resist the urge to respond, even to taunt or chastise the sender. You’ll just confirm that your email address is valid, and end up getting more junk email.
